Cybercrime: The new global scourge

December 11, 2008 11:18 IST

FutureBazaar India, the online shopping portal of Pantaloon Retail, one of India's largest retailers, can access over 150 global validation tests to screen for fraud and determine in real-time whether online transactions should be accepted, rejected, or marked for further review.

Virendra Chhatbar, chief finance officer at FutureBazaar, says: "As e-commerce continues its rapid growth in India, retailers must be increasingly vigilant to the threat of fraud. The risk management solution (from CyberSource) gives us that greater level of intelligence."

This, of course, is simply a case in point. Not only firms but countries, too, are waking up to the fact that online fraudsters and cybercriminals do not limit themselves to geographical boundaries.

Consider these cases in point. In May 2008, Belgium and India joined the growing number of countries claiming to be victims of cyberattacks, believed to be originating from China.

In August 2008, a coordinated cyberattack was launched against Georgia's infrastructure, compromising Georgian government websites including the Ministry of Foreign Affairs. The Georgian government alleged the disruption was caused by Russia following tensions between it and Russia over South Ossetia.

Dave DeWalt President & CEO, McAfee, says in his firms firm's new 'virtual criminology' report. "While a lot has been done to combat cybercrime over the past decade, criminals still have the upper hand. Some experts have argued that a cyberattack could be more economically devastating than the physical attacks, so clearly something has to change. Fighting cybercrime is a 24/7 battle, a global battle, and it's only just begun."

The report cities three key findings. First, cybercrime isn't yet enough of a priority for governments around the world to allow the fight against it to make real headway worldwide. In contrast, cybercriminals are sharpening their focus. Recession is fertile ground for criminal activity as fraudsters clamour to capitalise the climate of fear and anxiety.

Cross-border law enforcement remains a long-standing hurdle to fighting cybercrime. Local issues mean laws are difficult in different countries. Cybercriminals will, therefore, always retain the edge unless serious resources are allocated to international efforts.

Third, law-enforcement at every level remains ad hoc and ill-equipped to cope with cyber crime. Law courts around the world are staffed with people with liitle understanding of digital forensics and evidence collection in case of a cyber attack.

The cyberkingpins remain at large, while the minor mules are caught and brought to rights. Some governments are guilty of protecting their in-country offenders. Vijay Mukhi, President of the Foundation of Internet Security and Technology (FIST), in India concurs: "Cybercrime has reared its head as a big problem in India. However, politicians and judges do not understand how to deal with it, and in fact few of them ever use the internet. Police are reluctant to register cases against the accused because the cases are too difficult to prosecute. The Indian IT Act, 2000, has some relevant provisions, but has resulted in only one successful prosecution that of credit card fraudsters."

Generally, fraud and trade secrecy provisions are civil offences and hence will not be investigated by police. Kingfisher Airlines recently lost between $4 million and $5 million due to stolen credit cards, he adds.

Insecure internet-connected machines provide a safe haven for cybercriminals, indicates the virtual criminology report. The number of compromised zombie PCs in botnets has quadrupled in the last quarter alone.

These machines are now capable of flooding the internet with more than 100 billion spam messages per day. Botnets are increasingly switching to phishing, distributed denial of service (DDoS) and website attacks. These are a growing threat to national security, national information infrastructure, and the economy.

New ways of laundering illicitly gained money are also emerging. Online fraudsters are using a variety of untraceable means by which to launder the proceeds of crime.

While previously fraudulent payments could be tracked and recovered within the banking system, experts now agree that the law has not kept up with innovations in payment systems. Online fraudsters are increasingly using non-bank payment services, for example e-gold. This is making the old style mantra of "follow the money" harder and harder to follow.

Virtual world gaming is also starting to suffer from real-world problems -- theft of identity and virtual assets, extortion, and even terrorist attacks. South Korea, where 30 million people are active in social networks like CyWorld and Police, has seen many attacks originating from China.

In November 2007, a Dutch teenager was arrested for allegedly stealing virtual furniture worth Euro 4,000 from rooms in Habbo Hotel, a 3D social networking and gaming website.

Five other teenagers were also questioned in connection with the case. The group apparently created fake Habbo websites and enticed players into visiting them. Usernames and passwords were then harvested and used to break into the real accounts to steal the virtual furniture. Police is certain they will need better capacity to deal with such virtual crimes in future.

Billions of dollars lost each year to malicious software

F-Secure's end of year security report, too, highlights that 2008 has been another record year of explosive growth in the amount of malicious software (malware) on the Internet.

Its detection count tripled in one year, which means that the total amount of malware accumulated over the previous 21 years increased by 200 per cent in the course of just one year. Furthermore, the report states that Criminal activity for financial gain remains the driver for the massive increase in Internet threats.

The report predicts there will be continued growth in the quantity of online threats with a continued incremental evolution of the malware involved. There are likely to be hundreds of millions to billions of dollars lost each year to crime. A good percentage of that is involved with online transactions in one form or another.

The number of smartphones globally has grown from approximately 300 million in 2007 to approximately 475 million by end of 2008. These figures are expected to continue growing, meaning there is an increasing number of people with both personal and business related information such as contacts, photos or e-mails, stored on their smartphones. Even thought there has not been a significant increase in malware for mobile phones, it is important to secure the data in case the smartphone is lost or stolen with anti-theft solutions.

Botnets will grow and will adopt new technologies such as the Peer to Peer (P2P) functions exhibited by the Storm worm. Recent successes against rogue ISPs will prompt malware authors to develop disaster recovery plans. Additional successes in cutting off command and control servers could incite an online territory war as online gangs compete for existing resources.

The report predicts that authorities will recognise the value in fighting online crime and the need will increase for the establishment of an international agency tasked with enforcement knowledge or investigative assistance. The call for the establishment of "Internetpol" by Mikko Hypponen, Chief Research Officer at F-Secure, has been received with great interest internationally.